[NETFILTER]: {ip,ip6,arp}_tables: fix exponential worst-case search for loops
[linux-2.6-omap-h63xx.git] / net / ipv6 / netfilter / ip6_tables.c
index 4eec4b3988b824af9b763cb615d4e2ee148d9127..99502c5da4c45336cf2cd1b5ed2c71b3ea685744 100644 (file)
@@ -413,6 +413,7 @@ mark_source_chains(struct xt_table_info *newinfo,
                unsigned int pos = newinfo->hook_entry[hook];
                struct ip6t_entry *e
                        = (struct ip6t_entry *)(entry0 + pos);
+               int visited = e->comefrom & (1 << hook);
 
                if (!(valid_hooks & (1 << hook)))
                        continue;
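Review bot: The new `visited` initialiser dereferences `e` before the `valid_hooks` check two lines below, so `e->comefrom` is read even for hooks the loop then skips. If `hook_entry[hook]` does not hold a usable offset for such hooks (its initialisation is not visible here), that read lands outside the table blob. `visited` is also computed once per hook from the entry rule, while the second hunk tests it against whichever rule `e` points to at that moment. Presumably `e` advances in the traversal loop, which lies outside this hunk, so the flag would be stale after the first rule. Moving `int visited = e->comefrom & (1 << hook);` to the top of the traversal loop body, ahead of the `comefrom` update, would address both.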
@@ -433,11 +434,11 @@ mark_source_chains(struct xt_table_info *newinfo,
                                |= ((1 << hook) | (1 << NF_IP6_NUMHOOKS));
 
                        /* Unconditional return/END. */
-                       if (e->target_offset == sizeof(struct ip6t_entry)
+                       if ((e->target_offset == sizeof(struct ip6t_entry)
                            && (strcmp(t->target.u.user.name,
                                       IP6T_STANDARD_TARGET) == 0)
                            && t->verdict < 0
-                           && unconditional(&e->ipv6)) {
+                           && unconditional(&e->ipv6)) || visited) {
                                unsigned int oldpos, size;
 
                                if (t->verdict < -NF_MAX_VERDICT - 1) {
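Review bot: With `|| visited` added, this branch can be entered for a rule whose target was never checked against `IP6T_STANDARD_TARGET`, yet the first statement inside still reads `t->verdict`. For a non-standard target that field presumably overlays target-private data, so the `< -NF_MAX_VERDICT - 1` test could reject a valid ruleset or act on an arbitrary value. Repeat the name check on that line: `if (strcmp(t->target.u.user.name, IP6T_STANDARD_TARGET) == 0 && t->verdict < -NF_MAX_VERDICT - 1) {`. The rest of the branch is outside the hunk, so any later use of `t->verdict` there deserves the same look.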